CLAIMS 

What is claimed is: 



1 1 . An apparatus comprising: 

2 a controller to specify a filtering characteristic based on a control 

3 protocol from a call server serving a firewall between a source and a 

4 destination networks; and 

5 a filter coupled to the controller to filter a packet in a call 

6 transmitted from the source network based on the filtering characteristic, 

7 the filter accepting the packet if the packet satisfies the filtering 

8 characteristic and rejecting the packet otherwise. 



1 2. The apparatus of claim 1 wherein the controller further specifies a 

2 modifying action based on the control protocol. 



1 3. The apparatus of claim 2 further comprises: 

2 a modifier coupled to the controller and the filter to modify the 

3 accepted packet based on the modifying action, the modified packet being 

4 sent to the destination network. 



1 4. The apparatus of claim 1 wherein the source network is one of a 

2 public network and a private network. 

1 5. The apparatus of claim 1 wherein the destination network is one of 

2 a public network and a private network. 
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6. The apparatus of claim 1 wherein the filtering characteristic is one 
of a traffic characteristic, a network address, and a port identifier corresponding to 
the call. 

7. The apparatus of claim 1 wherein the rejected packet is sent to an 
application firewall. 

8. The apparatus of claim 3 wherein the modifying action is one of an 
address swapping, a port swapping, and a protocol conversion. 

9. The apparatus of claim 8 wherein the protocol conversion is a 
conversion between an IPv4 and an IPv6. 

10. The apparatus of claim 6 wherein the call is a voice over Internet 
protocol (VoIP) call. 

1 1 . The apparatus of claim 1 wherein the control protocol is one of a 
megaco protocol and a Common Open Policy Service (COPS) protocol. 

12. The apparatus of claim 1 wherein the filter comprises: 

an extractor to extract a packet characteristic from the packet; 

a matcher coupled to the extractor to match the packet 
characteristic with the filtering characteristic; and 

a packet router coupled to the matcher to route the packet to the 
modifier if the packet characteristic matches the filtering characteristic. 
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13. A method comprising: 

specifying a filtering characteristic based on a control protocol 
from a call server serving a firewall between a source and a destination 
networks; 

filtering a packet in a call transmitted from the source network 
based on the filtering characteristic; and 

accepting the packet if the packet satisfies the filtering 
characteristic and rejecting the packet otherwise. 

14. The method of claim 13 wherein specifying further comprises 
specifying a modifying action based on the control protocol. 

15. The method of claim 14 further comprises: 

modifying the accepted packet based on the modifying action, the 
modified packet being sent to the destination network. 

16. The method of claim 13 wherein the source network is one of a 
public network and a private network. 

17. The method of claim 13 wherein the destination network is one of 
a public network and a private network. 

18. The method of claim 13 wherein the filtering characteristic is one 
of a traffic characteristic, a network address, and a port identifier corresponding to 
the call. 
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1 19. The method of claim 13 wherein the rejected packet is sent to an 

2 application firewall. 

1 20. The method of 13 wherein the modifying action is one of an 

2 address swapping, a port swapping, and a protocol conversion. 

1 21. The method of claim 20 wherein the protocol conversion is a 

2 conversion between an IPv4 and an IPv6. 

1 22. The method of claim 18 wherein the call is a voice over Internet 

2 protocol (VoIP) call. 

1 23. The method of claim 13 wherein the control protocol is one of a 

2 megaco protocol and a Common Open Policy Service (COPS) protocol. 

1 24. The method of claim 13 wherein filtering comprises: 

2 extracting a packet characteristic from the packet; 

3 matching the packet characteristic with the filtering characteristic; 

4 and 

5 routing the packet to the modifier if the packet characteristic 

6 matches the filtering characteristic. 

1 25. A computer program product comprising: 

2 a machine useable medium having computer program code 

3 embedded therein, the computer program product having: 
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4 computer readable program code to specify a filtering 

5 characteristic based on a control protocol from a call server serving 

6 a firewall between a source and a destination networks; and 

7 computer readable program code to filter a packet in a call 

8 transmitted from the source network based on the filtering 

9 characteristic; and 

1 0 computer readable program code to accept the packet if the 

1 1 packet satisfies the filtering characteristic and rejecting the packet 

12 otherwise. 

1 26. The computer program product of claim 25 wherein the computer 

2 readable program code to specify further comprises specifying a modifying action 

3 based on the control protocol. 

1 27. The computer program product of claim 26 further comprises: 

2 computer readable program code to modify the accepted packet 

3 based on the modifying action, the modified packet being sent to the 

4 destination network. 

1 28. The computer program product of claim 25 wherein the source 

2 network is one of a public network and a private network. 

1 29. The computer program product of claim 25 wherein the destination 

2 network is one of a public network and a private network. 
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1 30. The computer program product of claim 25 wherein the filtering 

2 characteristic is one of a traffic characteristic, a network address, and a port 

3 identifier corresponding to the call. 

1 31. The computer program product of claim 25 wherein the rejected 

2 packet is sent to an application firewall. 

1 32. The computer program product of 25 wherein the modifying action 

2 is one of an address swapping, a port swapping, and a protocol conversion. 

1 33. The computer program product of claim 32 wherein the protocol 

2 conversion is a conversion between an IPv4 and an IPv6. 

1 34. The computer program product of claim 30 wherein the call is a 

2 voice over Internet protocol (VoIP) call. 

1 35. The computer program product of claim 25 wherein the control 

2 protocol is one of a megaco protocol and a Common Open Policy Service (COPS) 

3 protocol. 

1 36. The computer program product of claim 25 wherein the computer 

2 readable program code to filter comprises: 

3 computer readable program code to extract a packet characteristic 

4 from the packet; 
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5 computer readable program code to match the packet characteristic 

6 with the filtering characteristic; and 

7 computer readable program code to route the packet to the modifier 

8 if the packet characteristic matches the filtering characteristic. 

1 37. A system comprising: 

2 a source and destination networks; 

3 an application firewall coupled to the source and destination 

4 networks; and 

5 a real-time firewall coupled to the source and destination networks 

6 to process real-time packets, the real-time firewall comprising: 

7 a controller to specify a filtering characteristic based on a 

8 control protocol from a call server serving a firewall between a 

9 source and a destination networks, and 

10 a filter coupled to the controller to filter a packet in a call 

1 1 transmitted from the source network based on the filtering 

12 characteristic, the filter accepting the packet if the packet satisfies 

13 the filtering characteristic and rejecting the packet otherwise. 

1 38. The system of claim 37 wherein the controller further specifies a 

2 modifying action based on the control protocol. 

1 39. The system of claim 38 further comprises: 

2 a modifier coupled to the controller and the filter to modify the 

3 accepted packet based on the modifying action, the modified packet being 

4 sent to the destination network. 
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# # 

1 40. The system of claim 37 wherein the source network is one of a 

2 public network and a private network. 

1 41 . The system of claim 37 wherein the destination network is one of a 

2 public network and a private network. 

1 42. The system of claim 37 wherein the filtering characteristic is one of 

2 a traffic characteristic, a network address, and a port identifier corresponding to 

3 the call. 

1 43. The system of claim 37 wherein the rejected packet is sent to an 

2 application firewall. 

1 44. The system of claim 39 wherein the modifying action is one of an 

2 address swapping, a port swapping, and a protocol conversion. 

1 45. The system of claim 44 wherein the protocol conversion is a 

2 conversion between an IPv4 and an IPv6. 

1 46. The system of claim 42 wherein the call is a voice over Internet 

2 protocol (VoIP) call. 

1 47. The system of claim 37 wherein the control protocol is one of a 

2 megaco protocol and a Common Open Policy Service (COPS) protocol. 



003239.P076 



-17- 



1 48. The system of claim 37 wherein the filter comprises: 

2 an extractor to extract a packet characteristic from the packet; 

3 a matcher coupled to the extractor to match the packet 

4 characteristic with the filtering characteristic; and 

5 a packet router coupled to the matcher to route the packet to the 

6 modifier if the packet characteristic matches the filtering characteristic. 

1 49. An apparatus comprising: 

2 a controller to specify a filtering characteristic based on a control 

3 protocol from a call server serving a firewall between a source and a 

4 destination networks; 

5 a filter coupled to the controller to filter a packet in a call 

6 transmitted from the source network based on the filtering characteristic, 

7 the filter accepting the packet if the packet satisfies the filtering 

8 characteristic and rejecting the packet otherwise; and 

9 a modifier coupled to the controller and the filter to modify the 

10 accepted packet based on the modifying action, the modified packet being 

1 1 sent to the destination network. 

1 50. The apparatus of Claim 49 wherein the controller further specifies 

2 a modifying action based on the control protocol. 

1 51. The apparatus of claim 1 wherein the source network is one of a 

2 public network and a private network. 
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1 52. The apparatus of claim 1 wherein the destination network is one of 

2 a public network and a private network. 
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